How to bind a custom auth token for outbound API calls from Apigee to backend


I have a requirement to establish a communication channel via Apigee for a REST service as follows with the mentioned authentication mechanisms:

Scenario:

A --> Apigee --> B (A accesses a REST service of B via an Apigee endpoint)

Suggested authentication mechanisms:

A -> Apigee : API-Key based auth

Apigee -> B

1. Apigee -> custom-auth-service : to obtain a custom auth-token (using a static system to system credential)

2. Apigee -> B : include custom-auth-token as a header

I would appreciate feedback on the feasibility of the above, and also a sample implementation if available.

In addition, it would be an added advantage if the custom-auth-token can be reused within a configured expiry time (to reduce overhead). Please share if there is any approach which can handle that too.


Please check this Outbound OAuth sample on GitHub.

It's currently broken because of a change in the backend API (Azure translate), but you can reuse the template for the steps that need to be done (and even cache the token to avoid having to obtain it on every backend call).

Thank you for the reply. With the given reference I was able to implement the basic flow in my requirement.

However, the caching still doesn't seem to be working despite several attempts with different approaches.

Up to the populate-cache step, my implementation is similar to the Outbound-Oauth-sample flow. The issue is that it always shows "lookupcache.lookup-cache.cachehit" as "false" and never skips the 'api-token-get.js' step.

Following are my cache implementations:

lookup-cache:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<LookupCache name="lookup-cache">
    <CacheResource>token_cache</CacheResource>
    <AssignTo>twitter-translate.apiAccessToken</AssignTo>
    <Scope>Exclusive</Scope>
    <CacheKey>
        <KeyFragment>apiAccessToken</KeyFragment>
        <KeyFragment ref="apiAccessToken"/>
    </CacheKey>
</LookupCache>

populate-cache:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PopulateCache name="populate-cache">
    <CacheResource>token_cache</CacheResource>
    <Source>twitter-translate.apiAccessToken</Source>
    <Scope>Exclusive</Scope>
    <CacheKey>
        <KeyFragment>apiAccessToken</KeyFragment>
        <KeyFragment ref="apiAccessToken"/>
    </CacheKey>
    <ExpirySettings>
        <TimeoutInSec>120</TimeoutInSec>
    </ExpirySettings>
    <DisplayName>populate-cache</DisplayName>
</PopulateCache>

And the flow looks like this:

6516-proxy-flow.png

The "api-token-get" js sets the value to be cached as follows, and the value populates properly as per the property values shown in trace:

context.setVariable('twitter-translate.apiAccessToken', getAccessToken());

I would appreciate your assistance in resolving the issue with the caching strategy. The requirement in this case is to populate 'twitter-translate.apiAccessToken' in the 1st request via api-token-get.js and then to access it from cache (until expiry) in the following requests, skipping the api-token-get.js step.

Have you defined the exclusive cache "token_cache" via the UI? If you haven't, you can always delete the line

<CacheResource>token_cache</CacheResource> 

in both policies and you'd be using the shared org/env cache (enough for testing and getting this going)

Also, I don't think you've got anything in the variable apiAccessToken (no prefix), so try deleting the line

<KeyFragment ref="apiAccessToken"/> 

in both policies

Thanks for the suggestion. I've tried out the specified modifications but still no luck.

Prior to this change I had a defined cache in the "Environment Configuration -> Caches". But even after removing <CacheResource> I still see "lookupcache.lookup-cache.cachehit" as false.

I've attached a trace log for further troubleshooting purposes (with modified org, environment and other org-sensitive names/values): .trace-1519780296020-xml.txt.

I would appreciate feedback on the possible root cause of the issue and a resolution.
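
The lookup, conditional token fetch and populate sequence discussed in this thread, modelled in plain JavaScript as an added example (not code from the thread or from the Outbound OAuth sample). The header name `X-Custom-Auth-Token`, the helper names, and the injected `fetchToken` and clock values are assumptions; the variable names and the 120-second timeout are taken from the posts above.

```javascript
// Plain-JavaScript model of the policy sequence; this is not Apigee's implementation.
const TOKEN_VAR = 'twitter-translate.apiAccessToken';   // variable name from the thread
const HIT_VAR = 'lookupcache.lookup-cache.cachehit';    // variable name from the thread
const TIMEOUT_SEC = 120;                                // TimeoutInSec from the thread

// Entries carry an absolute expiry so a stale token is never handed back.
function makeCache() {
  const entries = new Map();
  return {
    lookup(key, nowMs) {
      const e = entries.get(key);
      if (!e || e.expiresAt <= nowMs) { entries.delete(key); return undefined; }
      return e.value;
    },
    populate(key, value, nowMs, ttlSec) {
      entries.set(key, { value, expiresAt: nowMs + ttlSec * 1000 });
    },
  };
}

// Lookup and populate must derive the key the same way, or every lookup misses.
function cacheKey(fragments) {
  return fragments.join('__');
}

// One request through the flow: lookup, fetch only on a miss, populate, set header.
// fetchToken stands in for the call to the custom auth service (hypothetical).
function handleRequest(cache, fetchToken, nowMs, headers = {}) {
  const vars = new Map();
  const key = cacheKey(['apiAccessToken']);
  const cached = cache.lookup(key, nowMs);
  vars.set(HIT_VAR, cached !== undefined);
  if (cached !== undefined) {
    vars.set(TOKEN_VAR, cached);               // cache hit: token step is skipped
  } else {
    vars.set(TOKEN_VAR, fetchToken());         // cache miss: obtain a fresh token
    cache.populate(key, vars.get(TOKEN_VAR), nowMs, TIMEOUT_SEC);
  }
  headers['X-Custom-Auth-Token'] = vars.get(TOKEN_VAR); // hypothetical header name
  return { cacheHit: vars.get(HIT_VAR), headers };
}
```

Keep the cache timeout below the lifetime the auth service gives the token, so an expired token is never forwarded to B.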